[Date Prev][Date Next] [Chronological] [Thread] [Top]


On Thu, Oct 21, 2004 at 05:29:26PM +0100, Greg Matthews wrote:
> Does anyone use TLS_CACERTDIR in their .ldaprc file?
> I can't get this to work with ldapsearch. If I use TLS_CACERT and put
> all the CA certificates in one file then it will work. If I use both
> options su(1) segfaults!
> using 2.2.17 ldapsearch and various versions of slapd. It seems to be on
> the client side tho as it doesnt recognise the CA, so I surmise it is
> not parsing the files in TLS_CACERTDIR correctly. Should these be
> something other than pem format?

Have you created the symbolic links with the hashed form?
Something like:
f73e89fd.0 -> vsignss.pem
ddc328ff.0 -> thawteCb.pem

/usr/bin/c_rehash from openssl does this. It is necessary in order for the
openssl library to find the right CA file in that dir.